1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
const express = require("express");
const mysql = require("mysql");
const bodyParser = require("body-parser");
const https = require("https");
const config = require("./config.json");
const api = express();
const db = mysql.createConnection({
host : config.sql.host,
user : config.sql.user,
password : config.sql.password,
database : config.sql.database
});
const checkCaptcha = (req, res, next) => {
const token = String(req.get("X-CAPTCHA-TOKEN"));
if (!token.match(/^[a-zA-Z0-9-_]{8,}$/)) {
res.status(403).json({
status: "error",
error: "no token sent"
});
return;
}
https.get(`https://www.google.com/recaptcha/api/siteverify?secret=${config.recaptcha.secret}&response=${token}`, (re) => {
re.setEncoding("utf8");
re.on("data", response => {
const data = JSON.parse(response);
if (!data.success) {
console.error(`recaptcha returned an error: ${JSON.stringify(data)}`);
res.status(403).json({
status: "error",
error: "captcha validation failed"
});
return;
}
next(); // challenge passed, so process the request
});
}).on("error", error => {
console.error(error);
res.status(403).json({
status: "error",
error: "recaptcha couldn't be reached"
});
return;
})
};
api.use(checkCaptcha);
api.use(bodyParser.json());
api.post("/api/account", (req, res) => {
if (!req.body || !Reflect.has(req.body, "username") ||
!Reflect.has(req.body, "password") || !Reflect.has(req.body, "email") ||
!req.body.username.match(/^[a-zA-Z0-9]{4,23}$/) ||
!req.body.password.match(/^[a-zA-Z0-9]{4,23}$/) ||
!req.body.email.match(/^|(?:[a-zA-Z0-9.$&+=_~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*)$/) ||
req.body.email.length >= 40)
{
res.status(400).json({
status: "error",
error: "malformed request"
});
return;
}
let account = {
username: req.body.username,
password: req.body.password,
email: req.body.email || "a@a.com"
};
db.connect();
db.query(`SELECT COUNT(*) FROM ${config.sql.table} WHERE USERNAME="${account.username}"`, (err, rows, fields) => {
if (err) {
res.status(500).json({
status: "error",
error: "couldn't reach the database"
});
} else if (rows[0].count > 0) {
res.status(409).json({
status: "error",
error: "already exists"
});
} else {
db.query(`INSERT INTO ${config.sql.table} (USERNAME, PASSWORD, EMAIL, GENDER) VALUES ("${account.username}", "${account.password}", "${account.email}", "N")`, (err, rows, fields) => {
if (err) {
res.status(500).json({
status: "error",
error: "couldn't add the user"
});
} else {
res.status(201).json({
status: "success"
});
}
});
}
});
db.close();
});
api.use((req, res, next) => {
res.status(404).json({
status: "error",
error: "unknown endpoint"
});
});
api.set("trust proxy", "loopback"); // only allow localhost to communicate with the API
api.listen(config.port, () => console.info(`Listening on port ${config.port}`));
|